Information security researchers have identified many servers hacked using a recently discovered critical vulnerability in the PHP programming language interpreter, US information technology publication ARS Technica reported on June 14.
The critical vulnerability, coded CVE-2024-4577 and severity level 9.8 out of 10, is due to errors when converting UTF characters to ASCII in the Windows operating system (OS). The vulnerability is easy to exploit. An attacker can use specially selected characters to execute their code.
The problem only occurs in CGI mode, which few people use today, or if the interpreter startup file is accessible from a web server. The latter is typical, for example, of the XAMPP assembly.
Researchers have identified more than a thousand servers affected by the TellYouThePass ransomware trojan. The Trojan is reported to run on a hacked server via a vulnerability in PHP.
Most of these servers were found in China. The scripts were executed in the XAMPP environment. The problem is that the XAMPP developer clearly states in the documentation that this assembly is not intended for production use. It is designed for developing and testing web applications.
Source: Rossa Primavera
I am Michael Melvin, an experienced news writer with a passion for uncovering stories and bringing them to the public. I have been working in the news industry for over five years now, and my work has been published on multiple websites. As an author at 24 News Reporters, I cover world section of current events stories that are both informative and captivating to read.